Detailed access control for WebDAV ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,
I wondered about the fact, that detailed access control rights for WebDAV shares are relatively difficult to configure in Apache 2.2. To show this, I give an relatively simple example. But you also can skip this example.
A small group of users "group1" should have full access to a directory "/dir1".
Another group "group2" which should only have full access to some subdirectories of "/dir1", e.g. "/dir1/dir11". But "group2" users should be capable to browse to their subfolders using an WebDAV client (e.g. MS explorer). That means, that they need a "browse right" (for MS explorer this is PROPFIND and OPTIONS). 

Technically spoken I want to have such rights:

"group1" on "/dir1": everything
"group2" on "/dir1": PROPFIND, OPTIONS
"group2" in "/dir1/dir11": everything

Here is my configuration:

        <Location /dir1>
                <Limit PROPFIND OPTIONS>
                        require group group1 group2
                </Limit>

                <LimitExcept PROPFIND OPTIONS>
                        require group group1
                </LimitExcept>
        </Location>

        <Location /dir1/dir11>
                require group group1 group2
        </Location>
This configuration works as expected. 

Is there no better solutions for configuring access rights?
Currently the access control features of Linux (standard UNIX rights or ACLs) are not really used, because Apache uses only 1 user for all client connections.. I think about running an Apache server instance for each WebDAV user so that the Linux rights could be used. But this causes other problems, e.g. 

  1. How to configure the Apache proxy, so that all users have a common
     start directory?
  2. How could the users configure the access rights with their client?
  3. Are there other WebDAV servers, which could better deal with
     detailed access rights for WebDAV?

Do you have any ideas or example configurations?

Greetings,
Björn

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux